I agree that advertisement for a company is important, but many marketers use their gift to change viewpoints in opinions and facts, and control what you see on the internet. That is what is very dangerous, and should be avoided.

Yea, Im one of them! Send hjelp, btw.

Administrator i find this funny, but awful at the same time.

@Peter if you are in russian, don't use mail.ru Here's their article on the russian ban: protonmail.com/blog/russia-block/

@Peter Use PM through a non-Russia based VPN over Tor, so your ISP doesn't know your using tor.

truth :p

If you print out a picture of someone's personal information and eat it, then yes.

i hope blockchain will provide this

And it's up to you to teach them differently.. “Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.” ... Snowden

They'll ask the same question about what's called "food"

They earn from ads way more than they will from subscription but they should definitely give the option. Still 90% people don't understand how vulnerable they are but soon breach of privacy might become their concern.

and in the fineprint they would still reserve rights to look into your data X)

The ProtonUnix OS, a beloved hybrid of privacy and efficiency.

ProtonOS 🤔

working on it. :)

You comment didn't aged well. I wonder if you know why..

.. go I have since proven not to be as private since the Ukrainian war started they have been sharing information that they would otherwise consider private.

Somewhat. With PGP you have more control about how the data is encrypted and who you trust but it takes knowledge to use properly. ProtoMail abstracts that between ProtoMail emails.

That's exactly how PGP works.

theslimeylimey Looks like the basic public/private key authentication that's being extensively used throughout the Internet. Didn't really get how ProtoMail is different.

Yes, ProtonMail is built upon an OpenPGP framework. The difference how easy it is to use, I don't have to explain to my grandma/mother/friend/coworker/business contact how to setup their public/private key pair.

Alex Rosier Really though, I'm tech savy and it even took me quite a bit of reading to understand PGP. But once the concept of private key/public keys sharing clicks in your mind, it's pretty simple and just a matter of entering different commands.

So they simply make their money by non-targeted ads? If so that certainly sounds a lot better than Google & Co.

***** Hope you like it. you can make searches on specific websites from the search bar if you set it as your main search engine; for example to make automatically a search on KZfaq you can type what you want to find on youtube and "!yt" to get directly the youtube results. Works also with google image !gi, google translate !gt, wikipedia !w and many others.

Or use startpage.com if you're addicted to Google's algorithm.

***** Saddly I don't know most of these websites or companies :/ I'm not an expert at all when it comes to websites that respect your privacy, but I heard about a few like Duckduckgo that I thought were really worth promoting.

***** Thanks :) i'll give them a look,

+Sion Creating a key with dual unlocks is impossible from my knowledge. The reason it takes a few minutes to generate the key is because it's so massive, that super computers can't decrypt it.

+TheSkepticSkwerl +Sion It's actually not because it is a massive number, but more because it is a massive number based on massive primes. Look up Prime Factorization.

@@TheSkepticSkwerl do you know then where exactly this key is stored? It can't be on my computer because otherwise I wouldn't be able to access ProtonMail from multiple computers. So there must be more going on. I know for SSH, I have my SSH keys saved on my physical hard drive. Something different is going on with ProtonMail

I believe ads should exist, but I do not think they should steal data. Ads would work with the non intrusive pagewrite:"" command

And there’s the problem - you think Asian Americans are smarter? More gifted. Dump the race bs.

Sadly, yes.

Extremely grey. Only if you're a technical genius can you get a legitimate answer.

Thats what theyre trying to solve. The reason nothing is private is because people are careless, and companies have a motivation to invade your privacy. Things CAN be private but it requires the users to actually take steps to make it happen.

(Y)

Soon he will be

+Saber Ben Salem last row, in the middle, it's Telegram. Pretty cool messaging app that works everywhere: android, apple, web, linux... But not 100% open source.

+Saber Ben Salem the black lock is Text Secure. A bit better that Telegram, not not as user friendly. I would add Red Phone.

+Petre Tudor Thank you so much, you've been really helpful ^^

+Saber Ben Salem So I summarize so far : ProtoNet, OwnCloud, SpiderOak DuckDuckGo, Bitcoin, ??? TOR, ProtonMail, TextSecure ???, Convergence, TOX ???, Telegram, BlackPhone still 3 projects i can't figure out

ProtoNet, OwnCloud, SpiderOak Duckduckgo, Bitcoin, Bleep TOR, Protonamil, TextSecure ChatSecure, Convergence, TOX Cryptocat, Telegram, BlackPhone

+SoulTemptation Concept and my assumption is that the client creates the key pairs and performs the encryption or decryption using client-side code such as Javascript or Java. If you look at the code at 8:00, they were using jQuery/UI as the example of the software used to facilitate the client only concepts of key exchange. Hence the "may take up to 5 minutes and freeze your browser" message during account creation, as it generates the key pair. Where or how the key pair is saved to the client from the browser is unknown, maybe as an image? It also means changing your mailbox password, would require multiple days of CPU and network usage to propagate through even as little as a month of emails and attachments for most end-users and the amount of spam that is currently in circulation, since the MTAs and firewalls would no longer be able to prevent them.

+fyrye startcom's ssl process involves startcom issuing you a personal certification and installs it on your computer as personal cert so you use that to login and verify your identity and stuff. im sure its doing something similar. but if the keys are truly out of the server, than you would need to manually copy your cert/keys to every device that you are going to send and receive emails from.

+John Kim SSL is not used as it is used to encode the data on the client and decodes it on the server, protecting the encrypted data from man-in-the-middle attacks. Startcom is illuding to encrypting emails on the server relying on a key exchange from the client to encode/decode the data between peers.

+fyrye no i was just saying that the certs not on the server but it is installed on your computer so you would have to manually copy your cert or keys to all your devices. starcom was just an example.

He Chineeee

Nope. Those are two different things. The World Wide Web was indeed created in CERN (how websites works mostly). The internet and its ancester ARPA Net was invented in US.

But if you trust them there is no more problem! Personally I trust PM and use it, and do not think that they do things you talk about. You have the right to do what you want. In the world exist honest people too, despite that there so many idiots...

That's what I said to my gf ;)

What gets me is that he discussed how complex PGP is, and then appeared to describe how PGP works. I'm only 8 minutes in so far, but ProtonMail currently looks a whole lot like PGP....

>Regardless of the above, the NSA has the means to decrypt or brute force their way if they wanted to. It depends on the encryption. The NSA isn't staffed by wizards with anti-strong-crypto magic spells. Even if they were able to crack specific users' systems to extract their private keys, they would no longer be able to do mass surveillance without people finding out about it. The protonmail model is susceptible to mass key theft via cracking their systems. An attacker would be able to modify the code of their web-based cryptosuite in a way that leaks the private key, and then any user that logged in until they noticed the breach would have their private key leaked, and all of their previous communications compromised, including those deleted from the server, since it doesn't have perfect forward secrecy. This could also be done with a MitM attack that exploited either the TLS cryptosuite of the browser or server, or the CA trust model used to securely distribute the protomail code, which is inherently broken against established powers.

(Have now watched entire video) Agreed with joaorstm. When they started describing how asymmetric crypto worked I thought he would say he created a Firefox and Chrome extension that made easy the use of PGP on the existing powers-that-be email services. If I had a browser extension that added a "Encrypt" checkbox next to the send button in Gmail, Yahoo Mail, and Windows Live Mail, that would make my day. Such a system wouldn't be susceptible to the mass key theft attack that jaorstm describes, though the lack of perfect forward secrecy is still an issue.

joaorstm -You can't make %100 security, Whatever you make someone will have the chance to break, and the NSA is interested in breaking it and does have the wizards and magic spells in this case, Which are nothing more that resources and time.- -Protonmail swipes us and the companies that are providing us with services from the the issue of centralizing the process on the handlers which are the companies and leaves the burden on the users making it difficult to use the server-backdoor formula or th- I feel like I'm stating the obvious, Ditto would be and easier reply.

zellfaze Exactly, i thought of it as an extension, something close to Mega, but i assume that i have something wrong in my understanding, that's why i asked _'does this scenario require that Bob and Alice are both using Protonmail? to exchange the keys.'_ But why wouldn't the assumed extension be exposed to mass key theft? if you didn't see the source code wouldn't it be a possibility that the whole thing is layered?

And I'd like to know whether this scenario will make Protonmail useless: you use Protonmail but your friend uses Gmail, and the replies have a history trail, then what's the point of encryption if Gmail servers still get a copy of the conversation?

The private key is client-side generated with the users password. So if you log into the ProtonMail account on another device the private-key is generated locally again.

SlykeThePhoxenix You have a problem. You will need to transfer that key somehow from one device to all of your devices using that service. Another problem is that you had to make new key every few months and again distribute it over to all of your devices by yourself. Maybe they could just let everyone who knows your last key to get the new one each few months, but that is just a unnecessary cryptographic hole.

از تلگرام سایت ادتلاین دانلود و در ایمپورت اوت لاین نصب میکنیم

Even so, how can it be worse than what we have now ? I know for a fact that 75% of the users in my country entrust with their email the same company that gives us the news and weather. And that's the same country that doesn't have a single shop which doesn't sell contraband products.

Bruce Wayne relatively certain demoncrypt solves all related privacy concerns for everybody, generally speaking.

Well, a key isn't made if you wanna communicate with a Gmail or Yahoo user. Rather, you write the email, put a password on it, and then Protonmail sends a link to that user. In order to see the email, the user needs to put in the password that the author set up.

There's an option to send them an encrypted email, but they'll need a password to decrypt it. Either way, just tell them to start using protonmail dude. The more people you get on board, the better.

Even in this case is better option. Google not only read your emails but also store IP addresses which are the key point to create your profile. If you do not use their services they cannot do this.

First off, they worked for CERN, and that's it. That is the only connection they have with CERN, I believe. And even if CERN controls this program, what's wrong with that?

The US Gov contributed to the development of Tor.

@@jaafersa "old habits die hard" meaning if one worked for cern-which requires even the janitors to have a clearance, surely that means a former employee doesn't just "give up" the ideals of cern unless he's a whistleblower. And if he's a whistleblower, I'm more than likely sure he wouldn't be going around making a new email and privacy service and Ted talks which are basically just a convention to sell new ideas, products and technology in front of a bunch of rich people.

You mean the heart bleed bug. Which is what happened to googles server that was advertising the keys accidently . This is using md5 rsa encryption. Another computer sends you the code to used to encrypt the mail. Your computer after its encrpted it doesnt know how to decrypt it because it was not sent the other half of the key.

no ***** , way before that actually. www.theverge.com/2013/12/20/5231006/nsa-paid-10-million-for-a-back-door-into-rsa-encryption-according-to

that's the point, they are encrypting it locally

no, the whole point of this is that it's stored on your computer, not their servers

@@skybird3809 In fact, it is not stored. Your password is used to generate the key.

Nvm. I guess lets not comment before watching the entire video.

I use it too! :)

Jared Berelowitz lol